*** Please note: An updated version of this course is available here. ***
Security is a critical concern for anyone who uses the cloud. Microsoft takes this seriously and built and operates the Azure Platform with security as a key principle. Microsoft secures data centers and management applications, and provides pay-as-you-go security services. Learn how to take advantage of these security features and services to enable strong security practices in your organization and to protect and secure your own cloud applications.
This course is for security engineers, chief security officers, solution architects, information technologists or anyone wanting to understand security options within the Azure platform.
Viewers should have a basic understanding of cyber security, authentication and authorization best practices, and encryption. Some familiarity with the Azure platform will also be helpful but is not required.
Learning Objectives
- Understand the shared responsibility model
- Learn how to secure Azure resources such as virtual machines and storage accounts
- Learn how to secure your Azure-based applications
- Learn how to monitor your Azure resources with Azure Security Center
Lessons
Welcome and Introduction: A brief introduction to the course and an overview of what Bill and Maura will be covering.
Shared Responsibility: In this lesson we'll cover cyber security using the CIA principle (Confidentiality, Integrity, Availability); what security professionals do to ensure the parts of CIA (Prevent, Detect, Respond); Microsoft’s responsibilities and their own security/compliance processes; what a customer is responsible for; and finally the tools that Azure provides, including AAD, encryption, and secure networking.
Protecting Accounts: In this lesson we'll cover Azure Active Directory and Multi-Factor Authorization.
Securing the Azure Portal: In this lesson we'll cover role-based access control.
Identity Management for Apps: In this lesson we'll cover AAD protection and integration for business Apps.
Network Security: In this lesson we'll cover Virtual Private Networks and firewalls.
Data Security: In this lesson we'll cover Encryption and Masking.
Secrets Management: In this lesson we'll cover Key Vault and Shared Access Signatures.
Monitoring and Auditing: In this lesson we'll discuss the Azure Security Center.
Course Conclusion: Course Wrap-Up
Welcome to the Cloud Academy course Azure Security Solutions. My name is Bill Wilder and I'll be your instructor for this course. Though you'll be hearing just my voice, this course was co-created along with Maura Wilder. Here's a little bit about us. I'm a software developer and architect, a seven time Microsoft MVP for Azure and the author of the book Cloud Architecture Patterns. Maura Wilder is also a software developer and architect.
We've both been working with Azure since 2009. We both became Microsoft Certified Professionals by passing the very first Azure exam offered in beta back in 2011. And we both were among the earliest Azure insiders.
Security is a critical concern for anyone who uses the cloud. Microsoft takes this seriously and has built and now operates the Azure platform with security as a core design principle. In this course we cover Azure features and services that are designed to allow you and your organization to operate securely, including services designed to help secure your environment and your cloud-based applications.
This course focuses on common use cases for first party preventive defensive security features for applications and services running within Azure. Though there are some callouts to other security capabilities that might be of interest. This course is intended for security engineers, solution architects, information technologists and anyone who needs to understand the security of their organization's Azure cloud environment, data and applications. A basic understanding of information security is assumed.
This course is broken down into the following sections: In lecture one, we'll discuss the shared responsibility model. When securing resources and applications in the cloud, we share the responsibility of security with Microsoft. We'll discuss what Microsoft does and what their responsibilities are and then we'll discuss what our responsibilities are as the customer and owner of the data and resources to be secured. In lectures two, three and four, we'll cover identity and access management. Commonly abbreviated as IAM. These are services for authenticating and authorizing users. We'll go over identity and access management within Azure.
For instance, for securing your Azure account and also for use within your own applications. These are services that Azure provides that you can use within your own custom cloud solutions. In lectures five through eight, we'll cover data security, network security and secrets management. Data security will cover various techniques for encrypting data at rest and features available to secure data during transit.
For network security, we'll cover network security groups, firewall technologies and virtual private networks. And in secrets management, we'll examine Azure Key Vault, a service for storing passwords, database connection strings and other secrets along with digital certificates. In lecture nine, we'll cover security monitoring in Azure. We'll look at SQL database monitoring and we'll see how Azure's Security Center aggregates relevant log information and suggests security updates and patches for your resources. Then, we'll conclude the course with a summary of the topics we've covered and provide a list of resources for follow up. Let's get started.
Bill Wilder is a hands-on architect currently focused on building cloud-native solutions on the Microsoft Azure cloud platform. Bill is CTO at Finomial which provides SaaS solutions to the global hedge fund industry from the cloud, co-founded Development Partners Software in 1999, and has broad industry experience with companies of all sizes – from modest startups to giant enterprises. Bill has been leading the Boston Azure group since founding it in 2009, has been recognized as a Microsoft MVP for Azure since 2010, and is author of Cloud Architecture Patterns (O’Reilly Media, 2012). He speaks frequently at community events, and occasionally at conferences, usually on topics relating to cloud, cybersecurity, and software architecture.